still ok
authorStefan Metzmacher <metze@samba.org>
Tue, 12 Mar 2024 14:09:37 +0000 (15:09 +0100)
committerStefan Metzmacher <metze@samba.org>
Wed, 8 May 2024 08:17:07 +0000 (10:17 +0200)
source3/libads/ads_proto.h
source3/libads/ldap.c
source3/librpc/idl/ads.idl

index 7c0bd4e53c0c129e218b1d7045eaf2a10a90620f..39c8ab3cab9ab311f3dbe748264ed69a20d5ae87 100644 (file)
@@ -83,7 +83,9 @@ bool ads_setspn_delete(ADS_STRUCT *ads, const char *machine_name,
 bool ads_sitename_match(ADS_STRUCT *ads);
 bool ads_closest_dc(ADS_STRUCT *ads);
 ADS_STATUS ads_connect_creds(ADS_STRUCT *ads, struct cli_credentials *creds);
-ADS_STATUS ads_connect_anon(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_cldap_only(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_simple_anon(ADS_STRUCT *ads);
+#define ads_connect_anon(__ads) ads_connect_simple_anon(__ads)
 ADS_STATUS ads_connect_no_bind(ADS_STRUCT *ads);
 ADS_STATUS ads_connect_machine(ADS_STRUCT *ads);
 ADS_STATUS ads_connect(ADS_STRUCT *ads);
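Review bot: The compatibility macro added on the `#define ads_connect_anon(__ads)` line names its parameter `__ads`; identifiers beginning with a double underscore are reserved for the implementation in C, and a plain name avoids that: `#define ads_connect_anon(ads) ads_connect_simple_anon(ads)`. A one-line comment above it, `/* kept for existing callers; new code should call ads_connect_simple_anon() */`, would also tell readers why two names exist for the same entry point. The new `ads_connect_cldap_only` prototype gets no documentation here either, which matters because its implementation in this same commit does not yet set the CLDAP-only flag.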
index 6cb7b1351c7d21406bb6ec4c83ebe12aa20cbe29..38b7dd136905fa41b8696ba03882368e7eea6473 100644 (file)
@@ -835,7 +835,15 @@ static ADS_STATUS ads_connect_internal(ADS_STRUCT *ads,
                SMB_ASSERT(creds != NULL);
        }
 
-       if (!(ads->auth.flags & (ADS_AUTH_ANON_BIND|ADS_AUTH_ANON_BIND))) {
+       if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
+               /*
+                * Simple anonyous binds are only
+                * allowed for anonymous credentials
+                */
+               SMB_ASSERT(cli_credentials_is_anonymous(creds));
+       }
+
+       if (!(ads->auth.flags & (ADS_AUTH_CLDAP_ONLY|ADS_AUTH_ANON_BIND|ADS_AUTH_ANON_BIND))) {
                ads->auth.flags |= ADS_AUTH_GENERATE_KRB5_CONFIG;
        }
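Review bot: The rewritten mask on the `if (!(ads->auth.flags & (ADS_AUTH_CLDAP_ONLY|ADS_AUTH_ANON_BIND|ADS_AUTH_ANON_BIND)))` line still lists ADS_AUTH_ANON_BIND twice, as the old line did; if the second one was meant to be ADS_AUTH_NO_BIND, a no-bind connection currently still gets ADS_AUTH_GENERATE_KRB5_CONFIG set, so `if (!(ads->auth.flags & (ADS_AUTH_CLDAP_ONLY|ADS_AUTH_NO_BIND|ADS_AUTH_ANON_BIND))) {` looks like the intended condition. Separately, the new `SMB_ASSERT(cli_credentials_is_anonymous(creds))` turns what the next hunk removes, a recoverable NT_STATUS_WRONG_CREDENTIAL_HANDLE, into a hard abort; that is defensible now that ads_connect_creds() strips ADS_AUTH_ANON_BIND for non-anonymous credentials, but a caller that reaches ads_connect_internal() with ADS_AUTH_ANON_BIND and `creds == NULL` (ads_connect_cldap_only() passes NULL) would hand NULL to cli_credentials_is_anonymous(), and the lines above this hunk that might rule that out are not visible here. The comment also misspells "anonymous" (`Simple anonyous binds`). ads_connect_internal() starts and ends outside this hunk.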
 
@@ -1084,10 +1092,6 @@ got_connection:
        /* Now do the bind */
 
        if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
-               if (!cli_credentials_is_anonymous(creds)) {
-                       status = ADS_ERROR_NT(NT_STATUS_WRONG_CREDENTIAL_HANDLE);
-                       goto out;
-               }
                status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, NULL, NULL));
                goto out;
        }
@@ -1114,15 +1118,46 @@ got_connection:
 ADS_STATUS ads_connect_creds(ADS_STRUCT *ads, struct cli_credentials *creds)
 {
        SMB_ASSERT(creds != NULL);
+       /*
+        * We allow upgrades from
+        * ADS_AUTH_NO_BIND if credentials
+        * are specified
+        */
+       ads->auth.flags &= ~ADS_AUTH_NO_BIND;
+
+       /*
+        * We allow upgrades from ADS_AUTH_ANON_BIND,
+        * as we don't want to use simple binds with
+        * non-anon credentials
+        */
+       if (!cli_credentials_is_anonymous(creds)) {
+               ads->auth.flags &= ~ADS_AUTH_ANON_BIND;
+       }
+
        return ads_connect_internal(ads, creds);
 }
 
 /**
- * Connect to the LDAP server using anonymous credentials
+ * Connect to the LDAP server using without a bind
+ * and without a tcp connection at all
+ * @param ads Pointer to an existing ADS_STRUCT
+ * @return status of connection
+ **/
+ADS_STATUS ads_connect_cldap_only(ADS_STRUCT *ads)
+{
+       //ads->auth.flags |= ADS_AUTH_CLDAP_ONLY;
+       ads->auth.flags |= ADS_AUTH_NO_BIND;
+       return ads_connect_internal(ads, NULL);
+}
+
+/**
+ * Connect to the LDAP server using anonymous credentials,
+ * using a simple bind without username/password
+ *
  * @param ads Pointer to an existing ADS_STRUCT
  * @return status of connection
  **/
-ADS_STATUS ads_connect_anon(ADS_STRUCT *ads)
+ADS_STATUS ads_connect_simple_anon(ADS_STRUCT *ads)
 {
        struct cli_credentials *creds = NULL;
        ADS_STATUS status;
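Review bot: The body of the new `ads_connect_cldap_only()` keeps its defining line commented out, `//ads->auth.flags |= ADS_AUTH_CLDAP_ONLY;`, so the function only sets ADS_AUTH_NO_BIND and is indistinguishable from ads_connect_no_bind() even though this commit adds the flag to ads.idl and already masks it in ads_connect_internal(); either enable the line as `ads->auth.flags |= ADS_AUTH_CLDAP_ONLY;` or drop the dead line rather than ship it commented out (Samba code also uses `/* */` rather than `//`). Its doc comment promises a connection "without a tcp connection at all", which nothing in the visible body establishes, so that claim should follow the code rather than precede it. The flag clearing added to ads_connect_creds() is a good change, since it prevents a simple bind with real credentials, but it permanently rewrites `ads->auth.flags` on the caller's struct, which is worth a comment such as `/* note: flags on *ads are adjusted in place and stay adjusted for later connects */`. The phrase "using without a bind" in both new doc comments reads as a leftover and should be "without a bind". ads_connect_simple_anon() continues past the end of this hunk.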
@@ -1139,7 +1174,8 @@ ADS_STATUS ads_connect_anon(ADS_STRUCT *ads)
 }
 
 /**
- * Connect to the LDAP server using without a bind at all
+ * Connect to the LDAP server using without a bind
+ * and without a tcp connection at all
  * @param ads Pointer to an existing ADS_STRUCT
  * @return status of connection
  **/
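Review bot: The amended doc comment on ads_connect_no_bind() still reads "Connect to the LDAP server using without a bind", which is ungrammatical; `* Connect to the LDAP server without a bind` fixes it. The added claim "and without a tcp connection at all" cannot be checked from this hunk because the function body lies outside it, so it should be confirmed against what ads_connect_internal() actually does for ADS_AUTH_NO_BIND before the comment is kept.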
@@ -3694,7 +3730,6 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads)
                 */
                ads_s->config.flags = 0;
 
-               ads->auth.flags &= ~ADS_AUTH_NO_BIND;
                status = ads_connect_anon(ads_s);
                if ( !ADS_ERR_OK(status))
                        goto done;
@@ -3784,7 +3819,6 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32_t *val)
                 */
                ads_s->config.flags = 0;
 
-               ads->auth.flags &= ~ADS_AUTH_NO_BIND;
                status = ads_connect_anon(ads_s);
                if ( !ADS_ERR_OK(status))
                        goto done;
index 381447a1a2969b17f4162f5f5f1ce7ea988b82ea..81d1fc3861cdbf4b79e5e2617740ec6eb2d03e0b 100644 (file)
@@ -29,7 +29,8 @@ interface ads
                ADS_AUTH_SASL_FORCE             = 0x0080,
                ADS_AUTH_SASL_STARTTLS          = 0x0200,
                ADS_AUTH_SASL_LDAPS             = 0x0400,
-               ADS_AUTH_GENERATE_KRB5_CONFIG   = 0x0800
+               ADS_AUTH_GENERATE_KRB5_CONFIG   = 0x0800,
+               ADS_AUTH_CLDAP_ONLY             = 0x1000
        } ads_auth_flags;
 
        const int ADS_SASL_WRAPPING_IN_MAX_WRAPPED = 0x0FFFFFFF;